
5305 matches found

NVD
added 2017/07/02 3:29 p.m., 28 views

CVE-2017-0377

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...

7.5 CVSS, 7.5 AI score, 0.02446 EPSS
Exploits 0, References 5

UbuntuCve
added 2017/07/02 3:29 p.m., 22 views

CVE-2017-0377

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...

7.5 CVSS, 6.8 AI score, 0.02446 EPSS
Exploits 0, References 6

Prion
added 2017/07/02 3:29 p.m., 13 views

Code injection

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...

5 CVSS, 7.4 AI score, 0.02446 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2017/07/02 3:29 p.m., 19 views

CVE-2017-0377

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...

7.5 CVSS, 6.8 AI score, 0.02446 EPSS
Exploits 0, References 5

Cvelist
added 2017/07/02 3:0 p.m., 29 views

CVE-2017-0377

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...

7.4 AI score, 0.02446 EPSS
Exploits 0, References 5

Debian CVE
added 2017/07/02 3:0 p.m., 12 views

CVE-2017-0377

Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay not the exit relay's family, which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families...

7.5 CVSS, 7.5 AI score, 0.02446 EPSS
Exploits 0

CVE
added 2017/07/02 3:0 p.m., 60 views

CVE-2017-0377

CVE-2017-0377 affects Tor 0.3.x before 0.3.0.9. The guard-selection algorithm incorrectly considers only the exit relay (not the exit relay’s family), which can allow an attacker to compromise anonymity by exploiting large family structures. The mitigation is upgrading to upstream version 0.3.0.9...

7.5 CVSS, 7.3 AI score, 0.02446 EPSS
Exploits 0, References 5, Affected Software 1

Qualys Blog
added 2017/06/30 2:11 p.m., 63 views

SSL Labs Grading Redesign (Preview 1)

We’re excited to share with you the first preview of our next-generation grading. This is something that’s long overdue but, due to lack of available time, we managed to keep up patching the first-generation grading to keep up with the times. Now, finally, we’re taking the next necessary steps to...

6.7 AI score
Exploits 0

Veracode
added 2017/06/29 5:26 a.m., 7 views

Weak Hash Algorithm

contwidgetor is using SHA-1, which is a weak hash algorithm. The use of the weak algorithm in the authentication allows attackers to easily perform collision attacks...

6.8 AI score
Exploits 0

Tenable Nessus
added 2017/06/29 12:0 a.m., 12 views

Fedora 25 : graphite2 (2017-03ef6281a8)

1.3.10 - Address floating point build parameters to give consistent positioning results across platforms - Various bug fixes 1.3.9 - Add Collision COLLISSPACE to allow for visible spaces in collision avoidance - Add segment and pass direction information to tracing output - Bug fix rule length...

5.5 AI score
Exploits 0, References 1

RedHat Linux
added 2017/06/28 7:59 p.m., 4 views

openssl: Non-constant time codepath followed for certain operations in DSA implementation

It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...

5.5 CVSS, 7.2 AI score, 0.01174 EPSS
Exploits 1, References 6

myhack58
added 2017/06/28 12:0 a.m., 92 views

Analysis of the Firefox shared array buffer UAF exploit - vulnerability warning - the black bar safety net

This article explores a reference leak that occurs when the structured cloning algorithm handles shared array buffers. Combined with the lack of overflow checking, it can be exploited to execute arbitrary code. The article is divided into the following sections: Background, vulnerability, summary We exploit...

0.6 AI score
Exploits 0

The Hacker News
added 2017/06/27 12:8 a.m., 11 views

Google Gets Record-Breaking $2.7 Billion Fine for Manipulating Search Results

Google has just lost its biggest regulatory battle! Google has been hit with a record-breaking $2.7 billion (€2.42 billion) fine by the European antitrust officials for unfairly manipulating search results since 2008. After a lengthy seven-year investigation that was launched in 2010 after several...

6.8 AI score
Exploits 0

myhack58
added 2017/06/21 12:0 a.m., 95 views

TP-Link WR841N router arbitrary code execution vulnerability analysis - vulnerability warning - the black bar safety net

I. Foreword: Recently, we discovered two vulnerabilities in the TP-Link WR841N V8 router. Using these two vulnerabilities, we can execute our custom code on this router. After friendly consultations with the manufacturer, the new router firmware fixes...

0.00488 EPSS
Exploits 2

Hacker One
added 2017/06/17 10:3 a.m., 26 views

Yelp: Firefly's verify_access_token() function does a byte-by-byte comparison of HMAC values.

Dear Yelp bug bounty team, Summary --- Firefly is vulnerable to timing attacks, because the verify_access_token function performs a byte-by-byte comparison, which terminates early when two characters do not match. Timing attacks are a type of side channel attack where one can discover valuable...

0.4 AI score
Exploits 0

OSV
added 2017/06/10 12:0 a.m., 2 views

UBUNTU-CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

5.9 CVSS, 6.6 AI score, 0.02318 EPSS
Exploits 0, References 3

NVD
added 2017/06/08 9:29 p.m., 14 views

CVE-2017-1179

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...

5.9 CVSS, 5.5 AI score, 0.00842 EPSS
Exploits 0, References 3

Cvelist
added 2017/06/08 9:0 p.m., 20 views

CVE-2017-1179

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...

6.4 AI score, 0.00842 EPSS
Exploits 0, References 3

Tenable Nessus
added 2017/06/07 12:0 a.m., 51 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-835)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 It was found that the JAXP component of...

7.7 CVSS, 6.8 AI score, 0.03311 EPSS
Exploits 2, References 8

rapid7community
added 2017/06/05 5:33 p.m., 186 views

R7-2017-13 | CVE-2017-5243: Nexpose Hardware Appliance SSH Enabled Obsolete Algorithms

Summary Nexpose physical appliances shipped with an SSH configuration that allowed obsolete algorithms to be used for key exchange and other functions. Because these algorithms are enabled, attacks involving authentication to the hardware appliances are more likely to succeed. We strongly encoura...

6.8 CVSS, 8.3 AI score, 0.00507 EPSS
Exploits 0